Confidential Computing: The Future of Cloud Computing Security

Overview

Currently, it is common practice to encrypt data when it is stored or transmitted, but the encryption of data in use, specifically in memory, is often neglected. Moreover, conventional computing infrastructure lacks robust mechanisms to safeguard data and code during their active use. This poses a challenge for organizations dealing with sensitive information like Personally Identifiable Information (PII), financial data, or health records, as they must address potential threats that could compromise the confidentiality and integrity of both the application and the data residing in system memory. Confidential computing protects data in use by performing the computation in a hardware-based, attested Trusted Execution Environment. By establishing secure and isolated environments, organizations can effectively enhance the security of their operations involving sensitive and regulated data. These controlled environments ensure that unauthorized access or alterations to applications and data during their active usage are prevented. As a result, the overall security posture of these organizations is significantly elevated.

Introduction

Computing encompasses three distinct states for data: during transit, at rest, and in use. When data is actively moving through a network, it is considered "in transit." Data that is stored and not actively accessed is referred to as "at rest." Lastly, data being processed or utilized is categorized as "in use." In our modern era, where the storage, consumption, and sharing of sensitive data have become commonplace, safeguarding such data in all its states has become increasingly crucial. This pertains to a wide range of sensitive information, including credit card data, medical records, firewall configurations, and even geolocation data. Cryptography is now commonly deployed to provide both data confidentiality (stopping unauthorized viewing) and data integrity (preventing or detecting unauthorized changes). While techniques to protect data in transit and at rest are now commonly deployed, the third state - protecting data in use - is the new frontier.

Security risks for unprotected data “in use”

As threat vectors against network and storage devices are increasingly thwarted by the protections that apply to data in transit and at rest, attackers have shifted to targeting data-in-use. The industry witnessed several high-profile memory scraping, such as the Target breach, and CPU-side-channel attacks which have dramatically increased attention to this third state, as well as several high profile attacks involving malware injection, such as the Triton attack and the Ukraine power grid attack.

Advanced malware protection is a type of an intelligence-powered, incorporated enterprise-class highly developed malware analysis and protection solution.  It also gives security teams the level of deep visibility and control that is required to quickly detect attacks, cooperation and control malware before it causes damage. According to analysis conducted by Data Bridge Market Research, Advanced malware protection market size is valued at USD 8,901.17 million by 2028 and is expected to grow at a compound annual growth rate of 14.30% in the forecast period of 2021 to 2028. Data Bridge Market Research report on advanced malware protection provides analysis and insights regarding the various factors expected to be prevalent throughout the forecasted period while providing their impacts on the market’s growth.

https://www.databridgemarketresearch.com/reports/global-advanced-malware-protection-market

• In 2017, a malicious software known as Triton came to light after its initial identification at a petrochemical plant in Saudi Arabia. This malware possesses the capability to deactivate safety instrumented systems, thereby potentially leading to a catastrophic industrial accident. Often dubbed as "the world's most lethal malware," Triton was specifically crafted to target a particular industrial control system (ICS) controller. Such controllers are employed in select critical infrastructure facilities to swiftly initiate emergency shutdown protocols when necessary.. Attackers, believed to work for a nation state, used sophisticated malware – called Triton – to infiltrate one of Schneider’s Triconex safety systems. It’s these safety systems that shut down operations in nuclear facilities, oil and gas plants, water treatment facilities and more when hazardous conditions are detected.
• The 2015 Ukraine power grid attack was a cyberattack that took place on December 23, 2015. The attack targeted the power grid in two western oblasts of Ukraine, and resulted in power outages for roughly 230,000 consumers in Ukraine for 1-6 hours. The attack was the first publicly acknowledged successful cyberattack on a power grid. The attack was carried out by a group of hackers known as Sandworm, who are believed to be affiliated with the Russian government. The hackers used a combination of malware and social engineering techniques to gain access to the power grid's control systems. Once they had access, they were able to remotely disable substations and cause power outages.

As the amount of data stored and processed on mobile, edge, and IoT devices continues to grow, ensuring the security of data and applications during execution becomes more critical. These devices often operate in remote and challenging environments, making it difficult to maintain their security. Additionally, considering the personal nature of the information stored on mobile devices, manufacturers and mobile operating system providers must demonstrate that personal data is protected and remains inaccessible to device vendors and third parties during sharing and processing. These protections must adhere to regulatory requirements. Even in situations where you have control over your infrastructure, safeguarding your most sensitive data while it is being used is an essential component of a robust defense-in-depth strategy.

Confidential Computing leverages hardware-based Trusted Execution Environments (TEEs) to safeguard data during its active use. By adopting Confidential Computing, we can effectively mitigate many of the threats discussed earlier. A Trusted Execution Environment (TEE) is an environment that ensures a high level of assurance in terms of data integrity, data confidentiality, and code integrity. Utilizing hardware-backed techniques, a TEE provides enhanced security guarantees for executing code and protecting data within the environment.

In the context of confidential computing, unauthorized entities encompass other applications on the host, the host operating system, hypervisor, system administrators, service providers, and the infrastructure owner, along with anyone who has physical access to the hardware. Data confidentiality ensures that these unauthorized entities are unable to access data while it is being utilized within the Trusted Execution Environment (TEE). Data integrity protects against unauthorized alterations to data during processing by entities outside the TEE. Code integrity guarantees that unauthorized entities cannot replace or modify the code within the TEE. Collectively, these attributes not only assure data confidentiality but also ensure the correctness of computations, instilling trust in the computation results. This level of assurance is often absent in approaches that do not utilize a hardware-based TEE.

The following table compares a typical TEE implementation with typical implementations of two other emerging classes of solution that protect data in use, Homomorphic Encryption (HE) and Trusted Platform Modules (TPM)

Table 1 - comparison of security properties of Confidential Computing vs. HE and TPMs

Trusted Execution Environments (TEEs)

According to the CCC (following common industry practices), a Trusted Execution Environment (TEE) is characterized by three essential properties, which are as follows:

• Data confidentiality: The TEE ensures that unauthorized entities cannot access or view data while it is being used within the environment.
• Data integrity: The TEE prevents unauthorized entities from making changes to the data, including additions, removals, or alterations, while it is in use within the environment.
• Code integrity: The TEE safeguards against unauthorized entities making any modifications to the code executing within the environment, including additions, removals, or alterations.

Fig - Trusted Execution Environment (TEE) Characteristics

Unauthorized entities encompass various actors such as other applications on the host, the host operating system and hypervisor, system administrators, service providers, the infrastructure owner, or anyone else who physically accesses the hardware. These properties collectively assure both data confidentiality and the accuracy of computations performed within the TEE, thereby instilling trust in the computation results.

Additionally, depending on the specific TEE implementation, it may offer further features, including:

• Code confidentiality: Some TEEs protect code from unauthorized viewing, which can be significant when safeguarding sensitive intellectual property, such as proprietary algorithms.
• Authenticated launch: Certain TEEs enforce authorization or authentication checks prior to launching requested processes and may refuse to launch unauthorized or unauthenticated processes.
• Programmability: TEEs may allow arbitrary code to be programmed, while others may support only a limited set of operations. Some TEEs may even consist entirely of fixed code established during manufacturing.
• Attestability: TEEs often provide evidence or measurements of their origin and current state, allowing third parties to verify the evidence and determine whether to trust the code running in the TEE. It is crucial that the evidence is signed by hardware that can be verified by the manufacturer to prevent it from being generated by malware or unauthorized parties.
• Recoverability: Certain TEEs offer mechanisms for recovery from non-compliant or potentially compromised states. For instance, if a firmware or software component fails compliance requirements and the launch authentication mechanism, it may be possible to update that component and retry (recover) the launch. Recoverability typically relies on trusted components within the TEE, acting as a "root" when updating other components.

Hardware-based TEEs leverage hardware-backed techniques to provide heightened security assurances for code execution and data protection within the TEE. This level of assurance is often absent in approaches that do not rely on a hardware-based TEE.

Benefits of Confidential Computing

Confidential computing offers numerous advantages to organizations concerned with data privacy and security.

• Data Confidentiality: By protecting data during processing, confidential computing ensures that sensitive information remains confidential and inaccessible to unauthorized entities.
• Integrity and Privacy Preservation: Confidential computing guarantees the integrity of data and computations, preventing unauthorized modifications or tampering. It also preserves the privacy of data, allowing organizations to retain control over their sensitive information.
• Enhanced Control and Trust: Confidential computing provides organizations with enhanced control over their data by minimizing trust assumptions about the underlying infrastructure. It offers a higher level of trust and assurance in the security of computations, even in untrusted environments.
• Regulatory Compliance: Confidential computing helps organizations comply with stringent data protection regulations. By safeguarding sensitive data during processing, organizations can meet regulatory requirements related to data privacy, security, and confidentiality.
• Collaboration and Data Sharing: With confidential computing, organizations can securely collaborate and share data while maintaining confidentiality. This is particularly valuable in industries where data sharing is essential for research, innovation, or collaborative decision-making.

Fig - Benefits of Confidential Computing

Implementing Confidential Computing

Implementing confidential computing requires careful planning and consideration.

• Assessing Confidentiality Requirements: Organizations should assess their confidentiality requirements and identify the specific data and computations that require protection. This assessment helps in determining the appropriate level of security measures to be implemented.
• Selecting the Appropriate Technology: Organizations need to evaluate and select the most suitable technology for their confidential computing needs. This involves considering factors such as performance, compatibility, scalability, and vendor support.
• Infrastructure Considerations: Implementing confidential computing may require adjustments to the existing infrastructure. Organizations should evaluate the hardware and software requirements, network architecture, and resource allocation to support confidential computing capabilities.
• Development and Deployment Best Practices: Following secure development and deployment practices is crucial to ensure the effectiveness of confidential computing. This includes secure coding, vulnerability scanning, and rigorous testing to identify and address potential security flaws.
• Monitoring and Incident Response: Implementing robust monitoring mechanisms allows organizations to detect any potential security breaches or unauthorized access attempts. Establishing incident response protocols ensures prompt actions in the event of a security incident.
• Regulatory and Legal Implications: Organizations must consider the regulatory and legal implications associated with implementing confidential computing. Compliance with data protection regulations, privacy laws, and contractual obligations should be thoroughly addressed.

The following table shows how scalability in various metrics compares between classical computing, computing using a typical hardware-based TEE, and Homomorphic Encryption. As with the security comparison, the actual answers may vary by vendor, model, or algorithm.

Table 2 - Comparison of scalability properties of Confidential Computing vs. HE and TPMs

Challenges in Implementation

While confidential computing brings significant benefits, organizations must address several challenges when implementing it.

• Performance Overhead: The use of encryption and secure enclaves can introduce performance overhead due to additional computational requirements. Organizations need to carefully consider the trade-off between security and performance to ensure optimal results.
• Key Management and Attestation: Effective key management and attestation processes are crucial for ensuring the integrity and security of confidential computing environments. Organizations must implement robust mechanisms to securely manage cryptographic keys and verify the integrity of trusted execution environments.
• Legacy System Integration: Integrating confidential computing into existing legacy systems can be challenging. Organizations need to evaluate compatibility, potential disruptions, and develop strategies to smoothly incorporate confidential computing technologies.
• Application Portability and Vendor Lock-in: Ensuring application portability and avoiding vendor lock-in are important considerations. Organizations should assess the flexibility and interoperability of confidential computing solutions to avoid dependence on specific vendors or platforms.
• Security and Vulnerability Management: Confidential computing environments must be continuously monitored and updated to address emerging security threats and vulnerabilities. Organizations should have robust security management practices in place to identify and mitigate potential risks.

Key strategies

Intel Announces New Confidential Computing Initiatives. Intel announced a number of new confidential computing initiatives on January 25, 2023. These initiatives include:

• The launch of a new Confidential Computing Center of Excellence to help customers and partners adopt confidential computing technologies.
• The release of new software tools and libraries to make it easier to develop and deploy confidential computing applications.
• The creation of a new Confidential Computing Ecosystem to bring together industry leaders to accelerate the adoption of confidential computing.

Google Announces Confidential Cloud Platform. Google announced the general availability of its Confidential Cloud Platform on February 1, 2023. The Confidential Cloud Platform is a suite of services that help organizations protect sensitive data in the cloud. These services include:

• Confidential VMs: A type of virtual machine that encrypts data in memory while it is being processed.
• Confidential Ledgers: A secure ledger that can be used to store and manage confidential data.
• Confidential Functions: A type of function that can be executed in a confidential environment.

Microsoft Announces Confidential Computing for Azure. Microsoft announced that it is bringing confidential computing to Azure on February 3, 2023. Confidential computing for Azure is a set of services that help organizations protect sensitive data in the cloud. These services include:

• Confidential VMs: A type of virtual machine that encrypts data in memory while it is being processed.
• Confidential Containers: A type of container that encrypts data in memory while it is being processed.
• Confidential Ledgers: A secure ledger that can be used to store and manage confidential data.

These are a few examples of key strategic initiatives that have been announced recently related to confidential computing. These initiatives are designed to help organizations adopt confidential computing technologies and protect sensitive data in the cloud.

Real-World Use Cases

Confidential computing finds practical applications across various industries, enabling organizations to protect sensitive data and ensure privacy.

Fig - Real World Use Cases

Keys, Secrets, Credentials and Tokens Storage and Processing:

Cryptographic keys, secrets, credentials and tokens are the “keys to the kingdom” for organizations responsible for protecting sensitive data. Traditionally, on-premises hardware security modules (HSMs) were used to comply with security standards and ensure the security of these assets. However, the proprietary nature of traditional HSMs limited their scalability and compatibility with cloud and edge computing environments, resulting in increased costs and deployment challenges. Confidential computing addresses these limitations by utilizing standardized compute infrastructure available on-premises, in public/hybrid clouds, and even at the network edge for IoT use cases. Independent software vendors (ISVs) and large organizations have already embraced confidential computing to securely store and process cryptographic and secret information. Key management applications leverage hardware-based trusted execution environments (TEEs) to store and process these assets, ensuring data confidentiality, integrity, and code integrity. The security achieved through confidential computing is comparable to traditional HSMs, providing a more scalable and cost-effective solution for storing and processing sensitive information.

Public Cloud Use Cases:

In traditional public cloud environments, trust is placed in multiple layers within the cloud provider's infrastructure. Confidential Computing introduces additional protection guarantees by reducing the number of layers that need to be trusted by end-users. With hardware-based Trusted Execution Environments (TEEs) safeguarding applications and data in use, unauthorized actors, even with physical or privileged access, face significant challenges in accessing protected application code and data. Confidential Computing aims to remove the cloud provider from the Trusted Computing Base, enabling workloads that were previously limited by security concerns or compliance requirements to be securely migrated to the public cloud.

Multi-Party Computing

As new compute paradigms emerge to enable data and processing power sharing across multiple parties, ensuring the confidentiality and integrity of sensitive or regulated data becomes crucial. Confidential Computing provides a solution for organizations to securely share and analyze data without compromising its privacy, even across untrusted platforms. Private multi-party analytics can be applied in various domains such as financial services, healthcare, and government to combine and analyze private data without exposing underlying data or machine learning models. With Confidential Computing, data remains protected against tampering and compromise, even from insider threats, ensuring secure collaboration and unlocking the potential of global data sharing while mitigating security, privacy, and regulatory risks.

Blockchain

Blockchains provide an immutable ledger for recording and validating transactions without the need for a centralized authority. While they offer transparency and data consistency, storing sensitive data on the immutable blockchain poses privacy concerns. Confidential Computing can enhance blockchain implementations by leveraging hardware-based Trusted Execution Environments (TEEs). TEEs enable users to execute smart contracts securely, ensuring data privacy, scalability, and verification optimization. TEE-based attestation services provide reliability proof for transactions, eliminating the need for each participant to independently validate historical data. Additionally, confidential computing addresses computational and communication inefficiencies associated with consensus protocols in blockchain systems.

Mobile and Personal Computing Devices

Confidential computing on client devices offers use cases that provide assurances of data privacy and integrity. Application developers and device manufacturers can ensure that personal data is not observable during sharing or processing, removing liability from manufacturers. Trusted Execution Environments (TEEs) enable formal verification of functional correctness, allowing developers to prove that user data has not left the device. For instance, continuous authentication implementations can operate within a TEE to identify users without exposing sensitive biometrics or behavioural data. Similarly, decentralized on-device model training can improve models and share improvements without leaking training data, providing user-controlled policy and constraints through mutual attestation in a hardware-based TEE.

Edge and IoT Use Cases:

Confidential computing finds valuable use cases in edge and IoT environments where data privacy and security are paramount. For instance, in scenarios like local search and filtering within home routers for DDoS detection, a confidential computing environment can protect sensitive user behavior inferred from TCP/IP packet metadata. Other examples include edge confidential machine learning processing, such as video metadata generation for reducing latency, CCTV camera surveillance with templates of persons of interest, and on-device training models. Confidential computing technology also helps mitigate attacks that exploit physical access to devices in environments where untrusted parties may have physical accessibility.

A data collection of records, a technological database linked together using cryptography, is called a blockchain. Globally expanding cross-border trade operations are predicted to boost demand for the technology. Data Bridge Market Research analyses that the blockchain market, valued at USD 10.02 billion in 2022, will reach USD 766.10 billion by 2030, growing at a CAGR of 71.96% during the forecast period of 2023 to 2030. The acceptance of cryptocurrencies by the law motivates companies and investors to increase their blockchain technology investments. Additionally, blockchain technology is anticipated to become more effective and efficient in the companies' efforts shortly. DeFi is a new blockchain-based financial technology that lessens banks' control over financial services and money. Throughout the projection period, market growth is anticipated by increasing strategic initiatives in the decentralized finance space.

• https://www.databridgemarketresearch.com/reports/global-blockchain-market

Future Trends and Directions

The field of confidential computing is rapidly evolving, and several future trends and directions can be identified.

• Advancements in Hardware-based TEEs: Hardware-based trusted execution environments are likely to see advancements in terms of performance, security, and functionality. Innovations in hardware technologies will provide more efficient and secure solutions for confidential computing.
• Standardization and Interoperability: Efforts to standardize confidential computing technologies and promote interoperability will facilitate the adoption and integration of confidential computing across different platforms and environments.
• Integration with Artificial Intelligence (AI) and Machine Learning (ML): Integrating confidential computing with AI and ML technologies will unlock new possibilities for secure data processing, enabling organizations to leverage the power of machine learning on sensitive data without compromising privacy.
• Industry Collaboration and Partnerships: Increased collaboration among industry players, research institutions, and regulatory bodies will drive the advancement and adoption of confidential computing. Partnerships will foster innovation, address challenges, and establish best practices for secure data processing.

Conclusion

Confidential computing offers a ground-breaking approach to protecting sensitive data during processing in untrusted environments. By combining principles such as data isolation, secure enclaves, attestation, encryption, and minimizing trust assumptions, organizations can ensure the confidentiality and integrity of their data. Despite challenges related to performance, key management, legacy systems, and application portability, the benefits of implementing confidential computing are substantial. Real-world use cases demonstrate its value in healthcare, finance, edge computing, and cloud computing. By following best practices and considering future trends, organizations can embrace confidential computing to safeguard their sensitive data and preserve privacy in an increasingly interconnected world.